Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

antivirus 2010 /antispyware doctor


  • This topic is locked This topic is locked
15 replies to this topic

#1 milansu45

milansu45

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 06 September 2010 - 04:22 PM

Moderator note: Prep. guide has been followed, please do not move topic. ~ OB

First time posting so bear with me...
I'm trying to work a fix on my daughter's Windows XP (SP2) Sony Vaio laptop. I thought I had just about killed off Antispyware doctor using mbam.
Here's how it went:
Tried to run rkill.com in safemode but it found no processes to kill. Then read mbam is not going to be as effective in safemode, so I decided to do it all in the Windows admin account. The process at first seemed hidden, but I was eventually able to see which process I needed to kill in task manager (mediafix70700en02.exe), that would allow running mbam. As soon as that was done mbam ran and finished. I'd made sure mbam was updated before I ran it. It found and deleted 13 obvious rogue components. I deleted the shortcut to the antispyware doctor out of startup folder. Then rebooted into Admin account and all seemed OK for awhile. While checking files and folders for damage I found Windows firewall (ICF) had been disabled and could not be enabled without error message. Also Internet Options/connections/ LAN settings tab was set for proxy server, which I knew was wrong. I changed it back to automatically detect, thinking Antispyware Doctor had messed with it. I thought things were not looking too bad so I tried to check startups in msconfig. As soon as I did a small installer popped up and ran, and now I've got AntiVirus 2010. (latest variant it seems!)

I did get DDS off onto the desktop while in safe-mode using a USB drive. Booted back up to the Windows Admin account and double-clicked on dds.scr and it ran and had a chance to collect and save it's log files to desktop. Disabled drive emulation with defogger. Then Antivirus 2010 just got in the way too much to get any further. Had gmer opened momentarily but I really just had to shut-down. Damn malicious stuff. Must run from hidden rootkit. I'm writing this post on my thinkpad and the Vaio is next to me. Afraid to boot the Vaio back up. We are behind wireless router, but no network discovery or file and print-sharing going on.
I could probably go get gmer to run and collect a log file, but I have a hunch the antivirus 2010 won't let it. I could also probably get those DDS log files as well. I'm not sure if I can get a browser window open long enough to upload the files. I'm thinking of getting the log files off on to removable media and send them from another computer. But I'm not sure if I risk spreading the infection. Getting paranoid now.
I'm a afraid to stick a USB drive back in the laptop for fear it will get infected.

Need help on this one. Thanks!

Mike

Edited by Orange Blossom, 06 September 2010 - 04:51 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 13 September 2010 - 12:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 milansu45

milansu45
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 19 September 2010 - 10:09 PM

attn: myrti
finally had a chance to gather and upload the 2 files generated by OTL.exe. Sorry for delay, but have full-time job. Still have interested in getting the infected laptop repaired. Please review the log files and advise when you have chance. I have not touched the infected Vaio laptop since my first post on Sept. 13th. Except to go back on and ran OTL.exe to get the necessary files and uploaded on Saturday.

Thanks for your help.

Mike - Seattle 9/19/10.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 21 September 2010 - 02:55 AM

Hi,

there are no attachments made to your reply. Please copy the logs into your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 milansu45

milansu45
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 21 September 2010 - 09:22 PM

Yes sorry!. I did it incorrectly. I uploaded the 2 files as as attachments which is not as per instructions. I thought that would work. Course that was a few days ago. Maybe attachments get deleted after a time. I'll redo it correctly tonite.
regards mike

Okay. Here ya go..
________________________________

OTL logfile created on: 9/21/2010 7:06:42 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\demo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 38.93 Gb Free Space | 44.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 30.17 Mb Total Space | 25.03 Mb Free Space | 82.96% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 74DB451F69A44E8
Current User Name: demo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 19:29:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Desktop\OTL.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/08/05 10:56:58 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/06/15 11:06:44 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 11:06:44 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/15 11:06:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/06/03 01:49:40 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/03 01:47:44 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/03 01:46:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 19:29:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (userinit)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2007/01/25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/06/15 11:06:44 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/06/15 11:06:44 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/06/15 11:06:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/06/15 11:06:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/06/07 09:58:28 | 001,851,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/06/07 03:44:10 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/06/07 03:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/06/07 03:37:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/06/07 01:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/06/07 01:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/06/07 01:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/06/03 05:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/06/03 01:49:40 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/06/03 01:47:44 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/06/03 01:46:28 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/05 13:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NSNDIS5.SYS -- (NSNDIS5)
DRV - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\2.tmp -- (MEMSWEEP2)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/12 17:33:22 | 000,231,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/08/12 04:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/05/23 10:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 10:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 10:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/03 07:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/04/30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/11/22 13:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 20:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (EN)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: close@doubleclick:1.12
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: showParentFolder@alice:1.7
FF - prefs.js..extensions.enabledItems: {3541c267-2580-4144-854e-2e05c8670121}:1.5.4
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:4.2.4


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/18 17:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/27 18:39:46 | 000,000,000 | ---D | M]

[2010/02/27 18:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\demo\Application Data\Mozilla\Extensions
[2010/07/15 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions
[2010/02/27 18:46:59 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/06/15 21:11:25 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
[2010/02/27 18:45:32 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/02/27 18:45:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/27 18:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2009/07/20 19:24:00 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2009/07/20 19:24:00 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010/01/17 10:33:50 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/02/27 19:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\bug489729@alice0775
[2010/02/27 19:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\close@doubleclick
[2010/07/15 20:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\extensions\showParentFolder@alice
[2008/03/02 18:45:40 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\searchplugins\dictionarycom.xml
[2007/03/24 13:40:02 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\searchplugins\fanfictionnet.xml
[2007/03/24 11:58:23 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\searchplugins\imdb.xml
[2007/03/24 13:39:32 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\searchplugins\livejournal-interest.xml
[2007/03/24 11:57:59 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\searchplugins\wikipedia-en.xml
[2008/02/10 21:24:00 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\demo\Application Data\Mozilla\Firefox\Profiles\0eefqzi1.default\searchplugins\youtube-video-search.xml
[2010/02/28 11:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/05 14:51:04 | 000,033,129 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activity.serving-sys.com
O1 - Hosts: 127.0.0.1 bs.serving-sys.com #[Ad-Aware.Tracking Cookie]
O1 - Hosts: 127.0.0.1 datacapture.serving-sys.com
O1 - Hosts: 127.0.0.1 ds.serving-sys.com #[Ewido.TrackingCookie.Serving-sys][a158.x.akamai.net]
O1 - Hosts: 127.0.0.1 www.advertising.com
O1 - Hosts: 127.0.0.1 click.atdmt.com
O1 - Hosts: 127.0.0.1 z1.adserver.com
O1 - Hosts: 127.0.0.1 adserver.com
O1 - Hosts: 127.0.0.1 serv.adspeed.com
O1 - Hosts: 127.0.0.1 adq.nextag.com
O1 - Hosts: 127.0.0.1 nextag.com
O1 - Hosts: 127.0.0.1 www.adserver.com
O1 - Hosts: 127.0.0.1 www.hitslink.com
O1 - Hosts: 127.0.0.1 as.casalemedia.com
O1 - Hosts: 127.0.0.1 counter.hitslink.com
O1 - Hosts: 127.0.0.1 counter.hitslink.com
O1 - Hosts: 127.0.0.1 counter2.hitslink.com
O1 - Hosts: 127.0.0.1 citi.bridgetrack.com #[IE-SpyAd][Ad-Aware.Tracking Cookie]
O1 - Hosts: 127.0.0.1 rccl.bridgetrack.com
O1 - Hosts: 127.0.0.1 data.coremetrics.com
O1 - Hosts: 127.0.0.1 test.coremetrics.com
O1 - Hosts: 127.0.0.1 twci.coremetrics.com
O1 - Hosts: 127.0.0.1 ads.addynamix.com
O1 - Hosts: 127.0.0.1 www.mylinker.net
O1 - Hosts: 911 more lines...
O3 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe File not found
O4 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006..\Run: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1050706010-1972421946-1185719297-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1254591618500 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/25 13:08:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/05 21:27:29 | 000,000,000 | ---D | M] - C:\autoruns -- [ NTFS ]
O33 - MountPoints2\{350cc5bf-fb45-11db-9346-00014acbc700}\Shell - "" = AutoRun
O33 - MountPoints2\{350cc5bf-fb45-11db-9346-00014acbc700}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{350cc5bf-fb45-11db-9346-00014acbc700}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{af9c2d08-042b-11dc-9350-00014acbc700}\Shell\AutoRun\command - "" = F:\PStart.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3F7924B9-D148-3141-87B1-68F36043A940} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EDA9F30A-8B65-3E6F-B353-CCA1C9241471} - .NET Framework
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/21 19:03:34 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\demo\Desktop\OTL.exe
[2010/09/05 21:27:29 | 000,000,000 | ---D | C] -- C:\autoruns
[2010/09/05 14:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/09/05 13:10:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/05 13:10:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/05 13:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/05 13:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/05 13:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/05 11:43:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/05 08:03:48 | 000,000,000 | ---D | C] -- C:\bd_logs
[2010/09/02 14:48:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\demo\.COMMgr
[2010/09/02 14:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\demo\Local Settings\Application Data\iljmitoxd
[2010/09/02 14:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\demo\Local Settings\Application Data\nlsmikooc
[2010/09/02 14:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\demo\Local Settings\Application Data\mjwpholrl
[2010/09/02 14:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\demo\Application Data\A4AC273A97D0D1B93BF64F4C2E13C50A
[2009/03/02 20:43:38 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2009/03/02 20:43:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2009/03/02 20:43:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2009/03/02 20:43:37 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2009/03/02 20:43:37 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2009/03/02 20:43:36 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2009/03/02 20:43:36 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2009/03/02 20:43:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2009/03/02 20:43:34 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2009/03/02 20:43:32 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2009/03/02 20:43:32 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/21 19:00:25 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/21 19:00:01 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/09/21 18:55:09 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\demo\NTUSER.DAT
[2010/09/21 18:55:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/21 18:54:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/21 18:54:57 | 1600,311,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 19:29:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Desktop\OTL.exe
[2010/09/06 12:41:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\demo\ntuser.ini
[2010/09/06 12:41:11 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/06 12:41:09 | 004,312,788 | -H-- | M] () -- C:\Documents and Settings\demo\Local Settings\Application Data\IconCache.db
[2010/09/06 12:39:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\demo\defogger_reenable
[2010/09/06 09:59:36 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\demo\Desktop\Defogger.exe
[2010/09/06 09:52:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\demo\Desktop\gmer.zip
[2010/09/05 14:51:04 | 000,033,129 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/05 13:10:32 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 12:48:47 | 000,001,002 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/08/30 20:19:39 | 000,000,533 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/29 10:48:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/25 10:39:03 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\demo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/06 12:40:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\demo\Desktop\gmer.exe
[2010/09/06 12:39:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\demo\defogger_reenable
[2010/09/06 12:28:51 | 1600,311,296 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/06 12:24:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\demo\Desktop\gmer.zip
[2010/09/06 12:24:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\demo\Desktop\Defogger.exe
[2010/09/06 11:55:25 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/05 13:10:32 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 21:41:49 | 000,001,002 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/03/02 20:45:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2009/03/02 20:45:11 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2009/03/02 20:44:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2009/03/02 20:43:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2009/03/02 20:43:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/03/02 20:37:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2009/03/02 20:37:08 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2009/03/02 20:37:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2008/05/02 14:27:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2007/09/15 19:08:49 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007/07/04 10:05:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSDiff.INI
[2007/06/11 11:17:17 | 000,001,160 | ---- | C] () -- C:\WINDOWS\visualdirsize.ini
[2007/06/05 07:39:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/05/30 20:03:43 | 000,003,107 | ---- | C] () -- C:\WINDOWS\lsplugin.ini
[2007/05/17 07:56:23 | 000,001,113 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007/05/08 18:40:42 | 000,000,146 | ---- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
[2007/04/09 17:35:07 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\demo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/30 21:27:40 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2007/03/28 17:57:37 | 000,436,224 | ---- | C] () -- C:\WINDOWS\wweb32.dll
[2007/03/24 16:15:54 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2007/03/24 13:40:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2007/03/24 10:23:37 | 000,001,314 | ---- | C] () -- C:\Documents and Settings\demo\Application Data\wklnhst.dat
[2007/03/19 10:16:25 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\demo\Local Settings\Application Data\fusioncache.dat
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/25 10:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/07/26 14:51:38 | 000,000,165 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/26 14:44:34 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/07/26 14:42:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/07/26 14:40:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/26 14:40:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/26 14:40:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/26 14:40:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/26 14:40:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/26 14:40:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/26 14:33:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/26 11:17:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/25 13:21:49 | 000,000,910 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/25 12:50:12 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/25 12:49:39 | 000,531,280 | ---- | C] () -- C:\WINDOWS\System32\msyiovee.dll
[2005/08/25 11:58:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/06 12:30:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/17 09:46:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 10:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 10:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/04 05:00:00 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/25 05:56:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/25 05:56:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/25 05:56:14 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
< End of report >
__________________________________________



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/19/2007 10:16:04 AM
System Uptime: 9/6/2010 12:28:13 PM (0 hours ago)

Motherboard: Sony Corporation | | Q-Project
Processor: Intel® Pentium® M processor 1.73GHz | N/A | 1728/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 39.01 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP336: 5/25/2010 9:33:53 PM - Software Distribution Service 3.0
RP337: 5/27/2010 7:59:58 AM - Software Distribution Service 3.0
RP338: 5/28/2010 9:50:46 AM - Software Distribution Service 3.0
RP339: 5/29/2010 1:00:13 PM - Software Distribution Service 3.0
RP340: 5/30/2010 4:57:00 PM - Software Distribution Service 3.0
RP341: 5/31/2010 5:54:11 PM - Software Distribution Service 3.0
RP342: 6/2/2010 8:18:56 AM - Software Distribution Service 3.0
RP343: 6/3/2010 2:57:24 PM - Software Distribution Service 3.0
RP344: 6/4/2010 3:46:06 PM - Software Distribution Service 3.0
RP345: 6/5/2010 4:46:31 PM - Software Distribution Service 3.0
RP346: 6/6/2010 5:47:51 PM - Software Distribution Service 3.0
RP347: 6/7/2010 9:53:50 PM - Software Distribution Service 3.0
RP348: 6/8/2010 10:57:01 PM - Software Distribution Service 3.0
RP349: 6/10/2010 8:37:59 AM - Software Distribution Service 3.0
RP350: 6/11/2010 6:54:02 PM - Software Distribution Service 3.0
RP351: 6/12/2010 8:42:51 PM - Software Distribution Service 3.0
RP352: 6/14/2010 8:29:13 AM - Software Distribution Service 3.0
RP353: 6/15/2010 8:33:48 AM - Software Distribution Service 3.0
RP354: 6/15/2010 6:08:01 PM - Revo Uninstaller's restore point - Auslogics Disk Defrag
RP355: 6/15/2010 6:10:25 PM - updates61510
RP356: 6/15/2010 6:23:59 PM - winupdates61510
RP357: 6/15/2010 6:36:53 PM - Software Distribution Service 3.0
RP358: 6/15/2010 6:54:56 PM - Printer Driver Microsoft XPS Document Writer Installed
RP359: 6/15/2010 7:50:00 PM - Software Distribution Service 3.0
RP360: 6/15/2010 8:38:40 PM - Software Distribution Service 3.0
RP361: 6/15/2010 8:55:17 PM - Software Distribution Service 3.0
RP362: 6/19/2010 2:30:55 PM - Software Distribution Service 3.0
RP363: 6/20/2010 6:49:24 PM - Software Distribution Service 3.0
RP364: 6/21/2010 10:49:39 PM - Software Distribution Service 3.0
RP365: 6/23/2010 10:58:43 AM - Software Distribution Service 3.0
RP366: 6/24/2010 11:06:13 AM - Software Distribution Service 3.0
RP367: 6/25/2010 12:43:39 PM - Software Distribution Service 3.0
RP368: 6/26/2010 3:43:44 PM - Software Distribution Service 3.0
RP369: 6/27/2010 7:51:57 PM - Software Distribution Service 3.0
RP370: 6/28/2010 7:55:34 PM - Software Distribution Service 3.0
RP371: 6/30/2010 11:56:01 AM - Software Distribution Service 3.0
RP372: 7/1/2010 2:12:38 PM - Software Distribution Service 3.0
RP373: 7/2/2010 5:37:38 PM - Software Distribution Service 3.0
RP374: 7/4/2010 11:41:16 AM - Software Distribution Service 3.0
RP375: 7/5/2010 8:06:01 PM - Software Distribution Service 3.0
RP376: 7/6/2010 11:14:09 PM - Software Distribution Service 3.0
RP377: 7/8/2010 9:14:01 AM - Software Distribution Service 3.0
RP378: 7/9/2010 9:41:32 AM - Software Distribution Service 3.0
RP379: 7/10/2010 11:42:40 AM - Software Distribution Service 3.0
RP380: 7/11/2010 1:20:06 PM - Software Distribution Service 3.0
RP381: 7/12/2010 1:56:50 PM - Software Distribution Service 3.0
RP382: 7/13/2010 10:10:01 PM - Software Distribution Service 3.0
RP383: 7/15/2010 10:58:23 AM - Software Distribution Service 3.0
RP384: 7/15/2010 12:05:09 PM - Software Distribution Service 3.0
RP385: 7/16/2010 10:44:22 PM - Software Distribution Service 3.0
RP386: 7/18/2010 12:58:03 PM - Software Distribution Service 3.0
RP387: 7/19/2010 6:34:24 PM - Software Distribution Service 3.0
RP388: 7/20/2010 8:59:18 PM - Software Distribution Service 3.0
RP389: 7/22/2010 10:20:42 AM - Software Distribution Service 3.0
RP390: 7/23/2010 1:37:02 PM - Software Distribution Service 3.0
RP391: 7/24/2010 8:02:22 PM - Software Distribution Service 3.0
RP392: 7/25/2010 8:32:17 PM - Software Distribution Service 3.0
RP393: 7/26/2010 8:39:38 PM - Software Distribution Service 3.0
RP394: 7/28/2010 11:01:05 AM - Software Distribution Service 3.0
RP395: 7/29/2010 11:49:45 AM - Software Distribution Service 3.0
RP396: 7/30/2010 4:38:10 PM - Software Distribution Service 3.0
RP397: 7/31/2010 5:31:22 PM - Software Distribution Service 3.0
RP398: 8/1/2010 6:44:47 PM - Software Distribution Service 3.0
RP399: 8/2/2010 7:11:18 PM - Software Distribution Service 3.0
RP400: 8/3/2010 9:02:29 PM - Software Distribution Service 3.0
RP401: 8/5/2010 10:28:32 AM - Software Distribution Service 3.0
RP402: 8/6/2010 11:43:03 AM - Software Distribution Service 3.0
RP403: 8/7/2010 7:26:36 PM - Software Distribution Service 3.0
RP404: 8/9/2010 10:30:23 AM - Software Distribution Service 3.0
RP405: 8/10/2010 10:35:29 AM - Software Distribution Service 3.0
RP406: 8/11/2010 9:22:31 PM - Software Distribution Service 3.0
RP407: 8/12/2010 9:42:43 PM - Software Distribution Service 3.0
RP408: 8/14/2010 9:04:28 AM - Software Distribution Service 3.0
RP409: 8/15/2010 9:06:36 AM - Software Distribution Service 3.0
RP410: 8/16/2010 10:24:02 AM - Software Distribution Service 3.0
RP411: 8/17/2010 7:40:31 PM - Software Distribution Service 3.0
RP412: 8/18/2010 8:13:31 PM - Software Distribution Service 3.0
RP413: 8/20/2010 9:53:44 AM - Software Distribution Service 3.0
RP414: 8/21/2010 8:22:59 PM - Software Distribution Service 3.0
RP415: 8/22/2010 9:17:36 PM - Software Distribution Service 3.0
RP416: 8/24/2010 9:18:31 AM - Software Distribution Service 3.0
RP417: 8/25/2010 1:51:23 PM - Software Distribution Service 3.0
RP418: 8/26/2010 4:43:21 PM - Software Distribution Service 3.0
RP419: 8/27/2010 9:21:57 PM - Software Distribution Service 3.0
RP420: 8/29/2010 10:11:51 AM - Software Distribution Service 3.0
RP421: 8/30/2010 10:48:42 AM - Software Distribution Service 3.0
RP422: 8/31/2010 5:22:29 PM - Software Distribution Service 3.0
RP423: 9/2/2010 11:34:00 AM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.65
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Antivirus 2010
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bonjour
Canon PowerShot A480 Camera User Guide
CCleaner
CharisSIL 4.106
Click to DVD 2.0.03 Menu Data
Click to DVD 2.4.10
CSDiff
DivX Web Player
DVgate Plus
ERUNT 1.1j
Facebook Plug-In
Google Talk (remove only)
Google Talk Plugin
GSpot Codec Information Appliance
GTK+ 2.10.6-1 runtime environment
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
IrfanView (remove only)
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 17
Lexmark 3600-4600 Series
Malwarebytes' Anti-Malware
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - esn
Microsoft .NET Framework 3.5 Language Pack - fra
Microsoft .NET Framework 3.5 Language Pack - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft Security Essentials
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
Module linguistique Microsoft .NET Framework 3.5 - fra
MozBackup 1.4.6
Mozilla Firefox (3.5.4)
MPF
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
OpenMG Secure Module 4.2.00
Paquete de idioma de Microsoft .NET Framework 3.5 - esn
PhotoFiltre
Pixia
QuickTime
Realtek High Definition Audio Driver
RegSvrEx
Revo Uninstaller 1.85
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Setting Utility Series
SonicStage 3.2
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Sophos Anti-Rootkit 1.5.4
The GIMP 2.2.13
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Long Battery Life Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.2
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Support Central
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
WinPcap 4.0
WordWeb
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
yWriter4

==== Event Viewer Messages From Past Week ========

9/6/2010 12:34:45 PM, error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 12:34:41 PM, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 12:34:21 PM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 12:34:15 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 12:34:12 PM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 12:33:56 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 12:30:10 PM, error: DCOM [10001] - Unable to start a DCOM Server: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} as /. The error: "%5" Happened while starting this command: c:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -s -Embedding
9/6/2010 12:06:11 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147611223 User: 74DB451F69A44E8\demo Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.843.0, AS: 1.89.843.0 Engine Version: 1.1.6103.0
9/6/2010 11:56:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147611223 User: 74DB451F69A44E8\demo Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.89.843.0, AS: 1.89.843.0 Engine Version: 1.1.6103.0
9/5/2010 11:54:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.843.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
9/5/2010 11:54:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/5/2010 11:49:25 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
9/5/2010 11:46:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/5/2010 11:45:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips intelppm MpFilter
9/2/2010 9:40:56 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
9/2/2010 9:39:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
9/2/2010 9:39:32 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
9/2/2010 9:39:08 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/2/2010 9:39:08 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/2/2010 8:06:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/2/2010 8:06:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2010 8:06:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2010 8:06:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/31/2010 8:01:09 PM, error: PSched [14103] - QoS [Adapter {7927C94D-EB05-4146-A752-AE2EBD103E75}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================




#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 23 September 2010 - 03:00 PM

hi,

uploads are a little tricky.. it is not enough to select them, you need to also click the green upload button besides the browse button.

PLease run a scan with Rootkit Unhooker next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 milansu45

milansu45
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 23 September 2010 - 11:15 PM

"PLease run a scan with Rootkit Unhooker next:

Please download GMER from one of the following locations and save it to your desktop: "

Am I running rootkit unhooker > http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE <
or GMER? Both?
Please provide further instructions.
Thanks for help. Mike


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 24 September 2010 - 01:21 AM

Hi,

sorry about that! Let's go for both Rootkit Unhooker and gmer.

gmer will often freeze and not run through, if that is the case please only run Rootkit Unhooker:

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 milansu45

milansu45
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 26 September 2010 - 09:28 PM

Okay here you are...

___________________________________

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xA8BE3000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4083712 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB923F000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3284992 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB95FB000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA8A98000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF075000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xA89E9000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 716800 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9E04000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA87D1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9150000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA88D6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7BBC000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA75F3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA8424000 C:\WINDOWS\System32\Drivers\usbvm321.sys 249856 bytes (Vimicro Corporation, VM321 Video Driver)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver)
0xB91A9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9DD7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8B95000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 180224 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xA7E43000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA73C9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8840000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA888D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB95C1000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xA73A6000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9202000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA89C6000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB959E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA886B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA8BC1000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA88B5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ECD000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB957E000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB9561000 C:\WINDOWS\system32\drivers\tifmsony.sys 118784 bytes (Texas Instruments, tifmsony.sys)
0xB9DBC000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9225000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EA4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB91EB000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA822F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB95E7000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA892E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E91000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EBB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB91DA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA9038000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xA8769000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0B8000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA85C9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA158000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA84D9000 C:\WINDOWS\System32\Drivers\STREAM.SYS 49152 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA168000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA1E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7A14000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA8779000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA470000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA398000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA410000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA420000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA418000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xBA3B0000 C:\WINDOWS\System32\Drivers\USBCAMD2.SYS 24576 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
0xBA388000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA390000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA448000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA450000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA408000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3B8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA86A1000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9D63000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8469000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBA598000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA7EDB000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB9D87000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA568000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA854D000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA5CA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5C8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA612000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA5AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5CC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5D4000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xBA5CE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7AC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA710000 C:\WINDOWS\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xBA78F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA67E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x88731AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x89EAEB70 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9EED000 WARNING: suspicious driver modification [atapi.sys::0x88731AEA]
0xA88D6000 WARNING: Virus alike driver modification [tcpip.sys], 360448 bytes


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 27 September 2010 - 06:35 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 milansu45

milansu45
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 27 September 2010 - 09:50 AM

Thanks for your help on this myrti. I've already considered I might have to wipe the disk and start over. I don't want to spend a lot more time messing with it. Sometimes you get it cleaned off and then find components of OS have been severely damaged, if workable. I would like to know what you think is the safest way to get some folders out of My Documents and off the infected computer. Flash drive or external media for instance. Or is there even a safe way? I'm thinking it may be possible to burn the folders to disk. I do have 2 external drives and a large USB drive. I think my daughter wants to try and save about 4-5 folders of school stuff in her documents.
Any advice appreciated or do you think I should just let it go. Mike

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 27 September 2010 - 03:04 PM

Hi,

These are the instructions we give when a file infector has been found on the PC. If you respect these advices nothing should be able to creep from one PC to another:
You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If you need to use a flash drive, please run flash disinfector on them first. (Only works on XP)

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 milansu45

milansu45
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle
  • Local time:08:51 AM

Posted 27 September 2010 - 09:51 PM

Thanks myrti.
You're advice will be well-taken. I would like to know if such a utility as Flash_Disinfector available for Vista/Win7? I don't think it wise to proceed on this XP Vaio, so case should probably close. I'll spend too much of my time and your time and have only questionable results. I think it is best to just wipe the disk, re-format and maybe put on ubuntu, which has worked out well on our work computers. This is okay. the Vaio has been a solid laptop for us, but the hardware is getting on and is about 5-years old now. Per your instructions, I'll carefully try to get the files out of the documents folders and burn to cd-dvd. Again thanks for your assistance.

Mike -Seattle 9/7/2010

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 28 September 2010 - 03:46 AM

Hi,

Flash_Disinfector will remove any infection on the flash drive before vaccinating it and can so be used on an infected PC as well. I know of a couple of other tools that will vaccinate your flash drive, most are not made for surviving OS switching. Flash_Disinfector is the only one I know that will remain safe even when using Ubuntu and Windows.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:51 PM

Posted 28 September 2010 - 03:55 AM

Hi,

Flash_Disinfector will remove any infection on the flash drive before vaccinating it and can so be used on an infected PC as well. I know of a couple of other tools that will vaccinate your flash drive, most are not made for surviving OS switching. Flash_Disinfector is the only one I know that will remain safe even when using Ubuntu and Windows.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users